ITU-T G.8032 Ethernet Ring Protection Switching The ITU-T G.8032 Ethernet Ring Protection Switching feature implements protection switching mechanisms for Ethernet layer ring topologies. This feature uses the G.8032 Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, to provide protection for Ethernet traffic in a ring topology, while ensuring that no loops are within the ring at the Ethernet layer. The loops are prevented by blocking traffic on either a predetermined link or a failed link. • Prerequisites for Configuring ITU-T G.8032 Ethernet Ring Protection Switching, page 1 • About ITU-T G.8032 Ethernet Ring Protection Switching, page 1 • Restrictions for Configuring ITU-T G.8032 Ethernet Ring Protection Switching, page 8 • How to Configure ITU-T G.8032 Ethernet Ring Protection Switching, page 9 • Configuration Examples for ITU-T G.8032 Ethernet Ring Protection Switching, page 20 Prerequisites for Configuring ITU-T G.8032 Ethernet Ring Protection Switching • The Ethernet Flow Points (EFPs) must be configured. About ITU-T G.8032 Ethernet Ring Protection Switching Ring Protection Links An Ethernet ring consists of multiple Ethernet ring nodes. Each Ethernet ring node is connected to adjacent Ethernet ring nodes using two independent ring links. A ring link prohibits formation of loops that affect the network. The Ethernet ring uses a specific link to protect the entire Ethernet ring. This specific link is called the Ring Protection Link (RPL). A ring link is bound by two adjacent Ethernet ring nodes and a port for a ring link (also known as a ring port). There must be at least two Ethernet ring nodes in a Ethernet ring. Ethernet Channel Configuration Guide IOS XE Release 3S (Cisco ASR 920 Series) 1
22
Embed
ITU-T G.8032 Ethernet Ring Protection Switching · Ethernet Channel Configuration Guide IOS XE Release 3S (Cisco ASR 920 Series) 1. ITU-T G.8032 Ethernet Ring Protection Switching
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
ITU-T G.8032 Ethernet Ring Protection Switching
The ITU-TG.8032 Ethernet Ring Protection Switching feature implements protection switchingmechanismsfor Ethernet layer ring topologies. This feature uses the G.8032 Ethernet Ring Protection (ERP) protocol,defined in ITU-T G.8032, to provide protection for Ethernet traffic in a ring topology, while ensuring thatno loops are within the ring at the Ethernet layer. The loops are prevented by blocking traffic on either apredetermined link or a failed link.
• Prerequisites for Configuring ITU-T G.8032 Ethernet Ring Protection Switching, page 1
• About ITU-T G.8032 Ethernet Ring Protection Switching, page 1
• Restrictions for Configuring ITU-T G.8032 Ethernet Ring Protection Switching, page 8
• How to Configure ITU-T G.8032 Ethernet Ring Protection Switching, page 9
• Configuration Examples for ITU-T G.8032 Ethernet Ring Protection Switching, page 20
Prerequisites for Configuring ITU-T G.8032 Ethernet RingProtection Switching
• The Ethernet Flow Points (EFPs) must be configured.
About ITU-T G.8032 Ethernet Ring Protection Switching
Ring Protection LinksAn Ethernet ring consists of multiple Ethernet ring nodes. Each Ethernet ring node is connected to adjacentEthernet ring nodes using two independent ring links. A ring link prohibits formation of loops that affect thenetwork. The Ethernet ring uses a specific link to protect the entire Ethernet ring. This specific link is calledthe Ring Protection Link (RPL). A ring link is bound by two adjacent Ethernet ring nodes and a port for aring link (also known as a ring port). There must be at least two Ethernet ring nodes in a Ethernet ring.
ITU-T G.8032 Ethernet Ring Protection Switching FunctionalityThe Ethernet ring protection functionality includes the following:
• Loop avoidance
• The use of learning, forwarding, and Filtering Database (FDB) mechanisms
Loop avoidance in an Ethernet ring is achieved by ensuring that, at any time, traffic flows on all but the RingProtection Link (RPL).
The following is a list of RPL types (or RPL nodes) and their functions:
• RPL owner—Responsible for blocking traffic over the RPL so that no loops are formed in the Ethernettraffic. There can be only one RPL owner in a ring.
• RPL neighbor node—An Ethernet ring node adjacent to the RPL. It is responsible for blocking its endof the RPL under normal conditions. This node type is optional and prevents RPL usage when protected.
• RPL next-neighbor node—Next-neighbor node is an Ethernet ring node adjacent to an RPL owner nodeor RPL neighbor node. It is mainly used for FDB flush optimization on the ring. This node is alsooptional.
The following figure illustrates the G.8032 Ethernet ring topology.
Figure 1: G.8032 Ethernet Ring Topology
R-APS Control MessagesNodes on the ring use control messages called Ring Automatic Protection Switching (R-APS) messages tocoordinate the activities of switching the ring protection link (RPL) on and off. Any failure along the ringtriggers a R-APS Signal Failure (R-APS SF) message in both directions of the nodes adjacent to the failedlink, after the nodes have blocked the port facing the failed link. On obtaining this message, the RPL ownerunblocks the RPL port.
ITU-T G.8032 Ethernet Ring Protection SwitchingITU-T G.8032 Ethernet Ring Protection Switching Functionality
A single link failure in the ring ensures a loop-free topology.Note
CFM Protocols and Link FailuresConnectivity Fault Management (CFM) and line status messages are used to detect ring link and node failure.During the recovery phase, when the failed link is restored, the nodes adjacent to the restored link send RingAutomatic Protection Switching (R-APS) No Request (R-APS NR) messages. On obtaining this message, thering protection link (RPL) owner blocks the RPL port and sends R-APS NR and R-APS RPL (R-APS NR,RB) messages. These messages cause all other nodes, other than the RPL owner in the ring, to unblock allblocked ports. The Ethernet Ring Protection (ERP) protocol works for both unidirectional failure and multiplelink failure scenarios in a ring topology.
The G.8032 Ethernet Ring Protection (ERP) protocol uses CFM Continuity Check Messages (CCMs) atan interval of 3.3 milliseconds (ms). At this interval (which is supported only on selected platforms),SONET-like switching time performance and loop-free traffic can be achieved.
Note
G.8032 Ring-Supported Commands and FunctionalityA G.8032 ring supports these basic operator administrative commands:
• Force switch (FS)—Allows the operator to forcefully block a particular ring port. Note the followingpoints about FS commands:
• Effective even if there is an existing SF condition
• Multiple FS commands for ring are supported
• May be used to allow immediate maintenance operations
• Manual switch (MS)—Allows the operator to manually block a particular ring port. Note the followingpoints about MS commands:
• Ineffective in an existing FS or signal failure (SF) condition
• Overridden by new FS or SF conditions
• Multiple MS commands cancel all MS commands
• Clear—Cancels an existing FS or MS command on the ring port. The Clear command is used at the ringprotection link (RPL) owner to clear a nonrevertive mode condition.
A G.8032 ring can support multiple instances. An instance is a logical ring running over a physical ring. Suchinstances are used for various reasons, such as load-balancing VLANs over a ring. For example, odd-numberedVLANsmay go in one direction of the ring, and even-numbered VLANsmay go in the other direction. SpecificVLANs can be configured under only one instance. They cannot overlap multiple instances. Otherwise, datatraffic or Ring Automatic Protection Switching (R-APS) messages may cross logical rings, which is notdesirable.
ITU-T G.8032 Ethernet Ring Protection SwitchingCFM Protocols and Link Failures
G.8032 ERP TimersThe G.8032 Ethernet Ring Protection (ERP) protocol specifies the use of different timers to avoid raceconditions and unnecessary switching operations:
• Delay timers—Used by the Ring Protection Link (RPL) owner to verify that the network has stabilizedbefore blocking the RPL. Note the following points about delay timers.
• After a signal failure (SF) condition, a Wait-to-Restore (WTR) timer is used to verify that the SFis not intermittent.
• The WTR timer can be configured by the operator. The default time interval is 5 minutes; the timeinterval ranges from 1 to 12 minutes.
• After a force switch (FS) or a manual switch (MS) command is issued, a Wait-to-Block (WTB)timer is used to verify that no background condition exists.
The WTB timer interval may be shorter than the WTR timer interval.Note
• Guard timer—Used by all nodes when changing state; the guard timer blocks latent outdated messagesfrom causing unnecessary state changes. The guard timer can be configured. The default time intervalis 500 ms; the time interval ranges from 10 to 2000 ms.
• Hold-off timers—Used by the underlying Ethernet layer to filter out intermittent link faults. The hold-offtimer can be configured. The default time interval is 0 seconds; the time interval ranges from 0 to 10seconds. Faults are reported to the ring protection mechanism only if this timer expires.
ITU-T G.8032 Ethernet Ring Protection SwitchingG.8032 ERP Timers
Protection Switching Functionality in a Single Link Failure and RecoveryThe following figure illustrates protection switching functionality in a single-link failure.
Figure 2: G.8032 Ethernet Ring Protection Switching in a Single-Link Failure
The figure represents an Ethernet ring topology consisting of seven Ethernet ring nodes. The ring protectionlink (RPL) is the ring link between Ethernet ring nodes A and G. In this topology, both ends of the RPL areblocked. Ethernet ring node G is the RPL owner node, and Ethernet ring node A is the RPL neighbor node.
The following sequence describes the steps followed in the single-link failure:
1 A link operates in the normal condition.
2 A failure occurs.
3 Ethernet ring nodes C and D detect a local signal failure (SF) condition and after the hold-off time interval,block the failed ring port and perform the FDB flush.
4 Ethernet ring nodes C and D start sending Ring Automatic Protection Switching (R-APS) SF messagesperiodically along with the (node ID and bidirectional path-protected ring (BPR) identifier pair) on bothring ports while the SF condition persists.
ITU-T G.8032 Ethernet Ring Protection SwitchingProtection Switching Functionality in a Single Link Failure and Recovery
5 All Ethernet ring nodes receiving an R-APS SF message perform the FDB flush. When the RPL ownernode G and RPL neighbor node A receive an R-APS SF message, the Ethernet ring node unblocks its endof the RPL and performs the FDB flush.
6 All Ethernet ring nodes receiving a second R-APS SFmessage perform the FDB flush again; the additionalFDB flush is because of the node ID and BPR-based configuration.
7 R-APS SF messages are detected on the Ethernet Ring indicating a stable SF condition. Further R-APSSF messages trigger no further action.
The following figure illustrates the steps taken in a revertive operation in a single-link failure.
The following sequence describes the steps followed in the single-link failure revertive (recovery) operation:
1 A link operates in the stable SF condition.
2 Recovery of link failure occurs.
3 Ethernet ring nodes C and D detect clearing of the SF condition, start the guard timer, and initiate periodictransmission of the R-APS No Request (NR) messages on both ring ports. (The guard timer prevents thereception of R-APS messages.)
4 When the Ethernet ring nodes receive an R-APS NR message, the node ID and BPR identifier pair of areceiving ring port is deleted and the RPL owner node starts the Wait-to-Restore (WTR) timer.
5 When the guard timer expires on Ethernet ring nodes C and D, the nodes may accept the new R-APSmessages, if any. Ethernet ring node D receives an R-APSNRmessage with a higher node ID from Ethernetring node C, and unblocks its nonfailed ring port.
ITU-T G.8032 Ethernet Ring Protection SwitchingProtection Switching Functionality in a Single Link Failure and Recovery
6 When the WTR timer expires, the RPL owner node blocks its end of the RPL, sends R-APS (NR or routeblocked [RB]) message with the (node ID and BPR identifier pair), and performs the FDB flush.
7 When Ethernet ring node C receives an R-APS (NR or RB) message, the node removes the block on itsblocked ring ports, and stops sending R-APS NR messages. On the other hand, when the RPL neighbornode A receives an R-APS NR or RB message, the node blocks its end of the RPL. In addition, Ethernetring nodes A to F perform the FDB flush when receiving an RAPS NR or RB message because of thenode ID and BPR-based configuration.
Ethernet Flow PointsAn Ethernet flow point (EFP) is a forwarding decision point in the provider edge (PE) router, which givesnetwork designers flexibility to make many Layer 2 flow decisions within the interface. Many EFPs can beconfigured on a single physical port. (The number varies from one device to another.) EFPs are the logicaldemarcation points of an Ethernet virtual connection (EVC) on an interface. An EVC that uses two or moreuser network interfaces (UNIs) requires an EFP on the associated ingress and egress interfaces of every devicethat the EVC passes through.
EFPs can be configured on any Layer 2 traffic port; however, they are usually configured on UNI ports. Thefollowing parameters (matching criteria) can be configured on the EFP:
• Frames of a specific VLAN, a VLAN range, or a list of VLANs (100-150 or 100,103,110)
• Frames with no tags (untagged)
• Frames with identical double-tags (VLAN tags) as specified
• Frames with identical Class of Service (CoS) values
A frame passes each configured match criterion until the correct matching point is found. If a frame does notfit any of the matching criteria, it is dropped. Default criteria can be configured to avoid dropping frames.
The following types of commands can be used in an EFP:
• Rewrite commands—In each EFP, VLAN tag management can be specified with the following actions:
• Pop—1) pops out a tag; 2) pops out two tags
• Push— pushes in a tag
• Translate—1 to 1) changes a tag value; 1 to 2) pops one tag and pushes two tags; 2 to 1) pops twotags and pushes one tag; 2 to 2) changes the value for two tags
• Forwarding commands—Each EFP specifies the forwarding command for the frames that enter the EFP.Only one forwarding command can be configured per EFP. The forwarding options are as follows:
• Layer 2 point-to-point forwarding to a pseudowire tunnel
• Multipoint bridge forwarding to a bridge domain entity
• Local switch-to-switch forwarding between two different interfaces
• Feature commands—In each EFP, the QoS features or parameters can be changed and the ACL can beupdated.
ITU-T G.8032 Ethernet Ring Protection SwitchingEthernet Flow Points
Service Instances and Associated EFPsConfiguring a service instance on a Layer 2 port creates a pseudoport or EFP on which you configure EVCfeatures. Each service instance has a unique number per interface, but you can use the same number on differentinterfaces because service instances on different ports are not related.
An EFP classifies frames from the same physical port to one of the multiple service instances associated withthat port, based on user-defined criteria. Each EFP can be associated with different forwarding actions andbehavior.
When an EFP is created, the initial state is UP. The state changes to DOWN under the following circumstances:
• The EFP is explicitly shut down by a user.
• The main interface to which the EFP is associated is down or removed.
• If the EFP belongs to a bridge domain, the bridge domain is down.
• The EFP is forced down as an error-prevention measure of certain features.
Use the service instance ethernet interface configuration command to create an EFP on a Layer 2 interfaceand to enter service instance configuration mode. Service instance configuration mode is used to configureall management and control data plane attributes and parameters that apply to the service instance on aper-interface basis. The service instance number is the EFP identifier.
After the device enters service instance configuration mode, you can configure these options:
• default--Sets a command to its defaults
• description--Adds a service instance-specific description
• encapsulation--Configures Ethernet frame match criteria
• exit--Exits from service instance configuration mode
• no--Negates a command or sets its defaults
• shutdown--Takes the service instance out of service
Restrictions for Configuring ITU-T G.8032 Ethernet RingProtection Switching
• G.8032 is supported only on EFP bridgedomains on the physical interface and port-channel interface.
• G.8032 is supported only on EFP with dot1q, dot1ad, QinQ, or dot1ad-dot1Q encapsulation type.
• G.8032 is not supported on xconnect interface.
• G.8032 does not support more than two ERP instances per ring.
• Link flap occurs while configuring the inclusion or exclusion VLAN list.
• Admin shut down is highly recommended before making any changes in Connectivity FaultManagement(CFM) configuration.
• The efd notify command must be used under CFM configuration to notify G.8032 of failures, if any.
ITU-T G.8032 Ethernet Ring Protection SwitchingHow to Configure ITU-T G.8032 Ethernet Ring Protection Switching
PurposeCommand or Action
Specifies a nonrevertive Ethernet ring instance.non-revertive
Example:
Device(config-erp-profile)# non-revertive
Step 5
• By default, Ethernet ring instances are revertive.
Returns to user EXEC mode.end
Example:
Device(config-erp-profile)# end
Step 6
Configuring Ethernet CFM MEPsConfiguring Ethernet Connectivity Fault Management (CFM) maintenance endpoints (MEPs) is optionalalthough recommended for fast failure detection and CFMmonitoring. When CFMmonitoring is configured,note the following points:
• Static remote MEP (RMEP) checking should be enabled.
• The MEPs should be configured to enable Ethernet fault detection.
For information about configuring Ethernet Connectivity Fault Management (CFM) maintenance endpoints(MEPs), see the “Configuring Ethernet Connectivity FaultManagement in a Service Provider Network”moduleof the Carrier Ethernet Configuration Guide.
Enabling Ethernet Fault Detection for a ServiceTo enable Ethernet Fault Detection (EFD) for a service to achieve fast convergence, complete the followingsteps
ITU-T G.8032 Ethernet Ring Protection SwitchingConfiguring a Service Instance
PurposeCommand or Action
Creates a service instance (an instance of an EVC) on aninterface and enters service instance configuration mode.
service instance instance-id ethernet [evc-id]
Example:
Device(config-if)# service instance 101 ethernet
Step 4
Defines the matching criteria to be used in order to mapingress dot1q frames on an interface to the appropriateservice instance.
encapsulation dot1q vlan-id [native]
Example:
Device(config-if-srv)# encapsulation dot1q 13
Step 5
Binds the service instance to a bridge domain instance.bridge-domain bridge-id [split-horizon [groupgroup-id]]
Step 6
Example:
Device(config-if-srv)# bridge-domain 12
Exits service instance configuration mode.end
Example:
Device(config-if-srv)# end
Step 7
Verifying the Ethernet Ring Protection (ERP) Switching ConfigurationTo verify the ERP switching configuration, use one or more of the following commands in any order.
SUMMARY STEPS
1. enable2. show ethernet ring g8032 status [ring-name] [instance [instance-id]]3. show ethernet ring g8032 brief [ring-name] [instance [instance-id]]4. show ethernet ring g8032 summary5. show ethernet ring g8032 statistics [ring-name] [instance [instance-id]]6. show ethernet ring g8032 profile [profile-name]7. show ethernet ring g8032 port status interface [type number]8. show ethernet ring g8032 configuration [ring-name] instance [instance-id]9. show ethernet ring g8032 trace {ctrl [ring-name instance instance-id] | sm}10. end
ITU-T G.8032 Ethernet Ring Protection SwitchingExample: Enabling Ethernet Fault Detection for a Service
bridge-domain from-encapsulation!service instance 1001 ethernet 8032-evcencapsulation dot1q 1001rewrite ingress tag pop 1 symmetricbridge-domain 1001cfm mep domain G8032 mpid 20
!service instance 1002 ethernet 8032-evc-1encapsulation dot1q 1002rewrite ingress tag pop 1 symmetricbridge-domain 1002
!End
Example: Verifying the Ethernet Ring Protection ConfigurationThe following is sample output from the show ethernet ring g8032 configuration command. Use thiscommand to verify if the configuration entered is valid and to check for anymissing configuration parameters.
Device# show ethernet ring g8032 configuration
ethernet ring ring0Port0: GigabitEthernet0/0/0 (Monitor: GigabitEthernet0/0/0)Port1: GigabitEthernet0/0/4 (Monitor: GigabitEthernet0/0/4)Exclusion-list VLAN IDs: 4001-4050Open-ring: noInstance 1Description:Profile: oppRPL:Inclusion-list VLAN IDs: 2,10-500APS channelLevel: 7Port0: Service Instance 1Port1: Service Instance 1State: configuration resolved